CVE-2008-0457

Symantec Backupexec System Recovery - Improper Input Validation

Title source: rule

Description

Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED

by titon · htmlremotewindows

https://www.exploit-db.com/exploits/5078

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by titon · htmlremotewindows

https://www.exploit-db.com/exploits/31072

View Code ZIP pw:eip

References (9)

[Vendor Advisory] http://secunia.com/advisories/28787

[Vendor Advisory] http://www.vupen.com/english/advisories/2008/0413

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5078

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/487688/100/0/threaded

[Exploit] http://www.securityfocus.com/bid/27487

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019303

[Patch] http://seer.entsupport.symantec.com/docs/297171.htm

[Patch] http://www.symantec.com/avcenter/security/Content/2008.02.04.html

[Third Party Advisory] http://www.zerodayinitiative.com/advisories/ZDI-08-003.html

Scores

EPSS 0.2975

EPSS Percentile 96.6%

Details

CWE

CWE-20

Status published

Products (2)

symantec/backupexec_system_recovery 7.0

symantec/backupexec_system_recovery 7.01

Published Feb 07, 2008

Tracked Since Feb 18, 2026